Information Security Risk Analyst

The Cheesecake Factory | Agoura Hills, CA
1d | $123,000 - $134,000 | Hybrid

About The Position

As an Information Security Risk Analyst reporting to the Information Security Manager, you’ll be at the center of enterprise risk, compliance, and third-party oversight. This role is instrumental in building scalable security and governance processes that support growth, enhance resilience, and enable teams across the organization to move faster with confidence.

You’ll thrive in this role if you are:

  • Stakeholder Savvy: You work confidently with auditors and senior leaders, communicating with clarity and professionalism that strengthens collaboration and drives alignment.
  • Precision Driven: You thrive in structured environments, bringing a process-minded approach that ensures accurate, consistent, and high-quality work every time.
  • Business-Focused Translator: You turn complex security and risk concepts into clear business insights, helping leaders make informed, practical decisions with confidence.
  • Governance Minded: You’re energized by policy, structure, and accountability, preferring governance, compliance, and risk work over hands-on security engineering.

Requirements

  • 3+ years of experience in Governance, Risk & Compliance, IT Audit, or Security Risk
  • Hands-on experience with at least one framework: PCI DSS, SOX, or NIST
  • Working knowledge of identity governance concepts
  • Strong analytical, documentation, and communication skills

Nice To Haves

  • Experience with TPRM programs or GRC platforms
  • Exposure to public accounting, consulting, or regulated enterprises
  • Relevant certifications (CISA, CISSP, ISO 27001) a plus

Responsibilities

  • Lead and support audits including PCI DSS, SOX, and NIST CSF
  • Coordinate evidence collection, control testing, and remediation tracking
  • Maintain and enhance security policies, procedures, and audit documentation
  • Partner with Internal Audit and Accounting on annual and quarterly audit requirements
  • Own the end-to-end third-party risk lifecycle
  • Perform security assessments for new and existing vendors
  • Partner with Legal, Procurement, and business teams on vendor risk decisions
  • Develop risk scoring, reporting, and ongoing monitoring processes
  • Review and analyze Active Directory and Entra ID access reports
  • Support SOX access reviews and privilege validation
  • Identify access anomalies and partner with IT/Security for remediation
  • Ensure access changes follow approval and ticketing workflows
  • Produce risk assessment and audit reports for leadership
  • Assist with automating recurring audit and compliance reporting
  • Track control failures, root causes, and remediation plans

Benefits

  • Vacation and sick time
  • Medical, Dental & Vision
  • 401K with company match
  • Tuition Reimbursement
  • 25%-35% discount when dining as a guest
  • Annual stipend for dining in our restaurants